14 Mar Practice Test Question – Web Application Attacks
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Brynn is concerned about the risks associated with web application attacks and wishes to perform input validation. What is the best place to perform this task?
A. In the user’s browser via HTML
B. On the web server
D. On the database server
Correct Answer: B
Input validation should always be performed on the web server. Database servers do not see the full input provided by the user and are not well-situated to perform input validation. Input validation should never be performed at the web browser because a malicious user can disable that validation code.